<?php
include "config.php";

$stack_serve = array();
$username = $_GET['username'];
$password = $_GET['password'];
$start = $_GET['start'];
$stack = $_GET['stack'];
$album = $_GET['album'];

$sql = mysql_query("select id from filebin_users where user_name='".$loc->db_cmp($username)."' and pass_word='".$loc->db_in($password)."'");
$resEx = mysql_fetch_array($sql);
//echo mysql_error();
if(!$resEx['id']){echo "Your access is forbidden. Thank you."; exit;}

$qry = "select * from filebin_files where album='".$album."' and uid='".$loc->db_cmp($resEx['id'])."' order by date desc limit ".$loc->db_cmp($start).",".$loc->db_cmp($stack);
//echo $qry;
$sel = mysql_query($qry);
//echo mysql_error();
while($res = mysql_fetch_array($sel)){

	$typeArr = explode("/" , $res['type']);
	$destApp = THUMBS_DIR . $res['filecode'] . ".jpg";
	$imgDat = @getimagesize($destApp);
	
	if($typeArr[0] == "image" && $typeArr[1] != "psd" && $typeArr[1] != "eps" && $imgDat != false){
		$url = WEB_ROOT . "download.php?filecode=" . $loc->db_out($res['filecode'])."&type=thumb";
	}else{
		$url = WEB_ROOT . "download.php?filecode=" . $loc->db_out($res['filecode']);
	}


	$filename = $loc->db_out($res['filename']);
	if(strlen($loc->db_out($res['filecode'])) > 5 && strlen($loc->db_out($res['filename'])) > 0){
		$stack_serve[] = $url."<|>".$filename;
	}
}

$stack_return = implode("," , $stack_serve);

unset($stack_serve);

echo $stack_return;

?>